Hail Mary Cloud

The Hail Mary Cloud was, or is, a password guessing botnet, which used a statistical equivalent to brute force password guessing.

The botnet ran from possibly as early as 2005, and certainly from 2007 until 2012 and possibly later. The botnet was named and documented by Peter N. M. Hansteen.

The principle is that a botnet can try several thousands of more likely passwords against thousands of hosts, rather than millions of passwords against one host. Since the attacks were widely distributed, the frequency on a given server was low and was unlikely to trigger alarms. Moreover, the attacks come from different members of the botnet, thus decreasing the effectiveness of both IP based detection and blocking.